Re: The Trouble with Ruby

I like Ruby but I don’t see it becoming a mainstream language soon. The biggest strengths of Ruby–the OO nature of the language and some of its cooler constructs–are its greatest weakness. Consider continuations, for example. How many people in the world would know how to implement something with continuations without screwing up?

By definition, the vast majority of developers out there have average skills. They need tools and programming models that are safe more than they are powerful. We learned this in spades at Allaire. ColdFusion became one of the most widely used Web development platforms because it created a rubber room where hackers, non-professional programmers and many others could build apps without thinking too hard. Were they the best architected, most scalable apps? Absolutely not. But they came out quickly and they worked. (Hey, MySpace was built on ColdFusion initially and it served them well.)

Sim is one of the smartest guys I have met but I have to disagree with this post. He seems to think he is talking about danger vs. safety but I think he is actually talking about having a shallow learning curve.

Continuations are not dangerous

Continuations are so hard to understand and use that average programmers don’t even try to use them. Even if they do try, they’re extremely unlikely to stumble upon a dangerous solution, that is, one that looks right but is subtly and perniciously wrong. Go ahead, try it; if you’re an average programmer, or even a pretty good one of the C++/Java/VB persuasion, take a look at this and this and then try to picture where and how you would use them. And then, ask yourself if you actually would.

(Contrast that to a really dangerous feature, like C macros. They look seductively simple, but the pitfalls are legion, just waiting for the right conditions.)

ColdFusion is not a rubber room

In fact, ColdFusion has a few pitfalls of its own. ColdFusion was groundbreakingly innovative in its heyday, and continues to be (IMO) the single easiest way for web designers to wade into the programming pool. But that is different than being “safe” or a “rubber room”, which implies that it’s hard for users to hurt themselves. For example, the following three snippets all look like canonical examples of CFML (circa 1998, at least–I haven’t kept up) to the casual eye, but they are all actually showstopping bugs:

Re SQL injection, yup, I know there is a right way to do it but the wrong way is the obvious way and works.

Isn’t that what my example does? Or by “multiple places” do you literally mean from different .cfm files rather than different threads?

I don’t blame CF for the SQL injection or XSS vulnerability, none of us knew about those back in the wild wooly days of the web. No other web scripting language does a significantly better job either… they’re all about the same, which was really my point.

SQL injection is not something that is being taught in school except if you take a wowowoww class which I do not know about. Programmers will tend to go for the easiest ways, which is the point of Joe Cheng's example. If a mature forum software like Invision Power Board, which has version v0.0.0.0.0, could make such vulnerabilities (go to securityfocus.com, there are a bunch out there), then what about the web applications on the WWW that are not mature yet?

nanas, totally agree. I didn’t mention it in my post but there are a couple of ways DB APIs can minimize the temptation to insert unescaped strings. For example, the PreparedStatement class in JDBC (Java) leaves you with little excuse.
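
An added illustration of the point in this exchange, not code from the post or from any commenter: the concatenated query works on ordinary input, which is why it is tempting, while placeholder binding treats every value as data. It uses Python's sqlite3 placeholders as a stand-in for JDBC's PreparedStatement; the table, rows and function names are constructed for the example.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("Alice",), ("O'Brien",), ("Bob",)])
    return db

def find_concat(db, name):
    """The 'obvious' way: build the SQL text from the input."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_bound(db, name):
    """Placeholder binding: the input is passed as data, never as SQL text."""
    return [row[0] for row in db.execute(
        "SELECT id FROM users WHERE name = ?", (name,))]

def compare(db, names):
    """Run both lookups on each input and record where they disagree."""
    report = {}
    for name in names:
        expected = find_bound(db, name)
        try:
            got = find_concat(db, name)
            status = "same" if got == expected else "different rows"
        except sqlite3.Error as exc:
            # The input changed the shape of the SQL statement itself.
            status = "error: " + type(exc).__name__
        report[name] = (expected, status)
    return report

if __name__ == "__main__":
    results = compare(make_db(), ["Alice", "O'Brien", "Bob"])
    for name, (rows, status) in results.items():
        print(f"{name!r}: bound -> {rows}, concatenated -> {status}")
```

A legitimate surname containing an apostrophe is enough to show that the concatenated version lets input alter the statement, so the same comparison can serve as a regression test when converting old queries.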

Continuations are only hard to understand if you try to learn via a CS-oriented article on Wikipedia, or by looking at Ruby’s Kernel documentation. Do you know how to use the Enumeration#each method? Then you know how to use continuations.

Mike, there’s a world of difference between using a library that is implemented using continuations, and actually implementing something using continuations yourself. We are talking about the latter (although I see now that I didn’t make that explicit).

(And just to nitpick, Enumeration#each uses blocks/closures, not continuations…)

One thing that jumps to mind as a use for continuations would be in game programming. Of course the irony is that I’m not quite sure Ruby, Lisp, etc. are really up to the task of coding the next great XBox 360 game but there are some nice bits of logic you could implement with continuations.